Even if you have opted out of the tracking option in Facebook, or don’t have account at all, the company is still watching your web movements through the use of social plugins, thereby breaking EU laws, says a report by the Belgian Privacy Commission.

Areportcommissioned by the BPC has
discovered that Facebook tracks everyone, even logged-out users
or people who don’t have an account at all, primarily through the
use of cookies and the ‘like’ button which is found on more than
13 million websites worldwide.

According to EU law, websites must receive a user’s permission
before placing any cookies on their computers. The automatic
placement of tracking cookies is in “violation of European
law,” that is why all EU websites ask users to ‘allow
cookies’ on the first visit.

By default Facebook installs tracking cookies – tiny files
containing user’s settings and previous activity – upon a visit
to any page on the facebook.com domain, which translates into
tracking users for advertising purposes across non-Facebook
websites.

However, as the report found, for non-users or those who opted
out, Facebook instead installed a special cookie called ‘datr’
which still contains a unique identifier and thus could be used
to track user during every visit to a website containing a
Facebook ‘like’ button.

Facebook disputed the conclusions of the report, claiming it
“contains factual inaccuracies,” according to an emailed
statement to the Guardian. “The authors have never contacted
us, nor sought to clarify any assumptions upon which their report
is based,” the statement said.

Facebook allegedly “explained in detail” inaccuracies in
the earlier draft report after it was published directly to the
Belgian DPA. The Silicon Valley giant even offered to meet the
authors of the report to explain why their conclusions were
“incorrect.”

The use of cookies for logged-out accounts is a standard and
lawful practice that has been used for years, the company says.
Facebook argues that the use of 'datr' to identify and disable
accounts if needed and provide extra security features.

“We collect information when you visit or use third-party
websites and apps that use our services. This includes
information about the websites and apps you visit, your use of
our services on those websites and apps, as well as information
the developer or publisher of the app or website provides to you
or us,” Facebook's data usage policy says after the company
rolled out its new policies and terms on January 30th, 2015.

The company remains confident that its updated policies comply
with EU regulations, the spokeswoman said, adding that the giant
is routinely working with its EU regulator, the Irish Data
Protection Commissioner (DPC).

However, the new policies, are now under the investigation of the
Belgian, Dutch and a German privacy authority. The report will be
taken into account by the three authorities, a spokeswoman for
the Belgian Privacy Commission said, adding that it was too early
to draw any conclusions.